Security audit

Deep Research Mode

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only deep research workflow with disclosed high resource use, and no evidence of hidden code, credential access, exfiltration, or destructive behavior.

Install only if you deliberately want a potentially expensive long-running research assistant mode. Invoke it explicitly, confirm before launching large runs, and set practical limits for agents, runtime, model choice, and budget; review any separately obtained helper scripts before using them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are broad, natural-language expressions such as '组织专家讨论' ("organize an expert discussion") and '攻克这个科研难题' ("crack this scientific research problem"), which can plausibly appear in ordinary conversation and cause unintended invocation. In this skill, accidental activation is more dangerous because it requests expensive multi-agent orchestration, stronger models, and long-running work, creating unnecessary cost, latency, and possible workflow disruption.

VirusTotal

65/65 vendors flagged this skill as clean.